navan-ci-integration SKILL.md View full skill →

Configure Navan CI/CD integration with GitHub Actions and testing.

ReadWriteEditBash(gh:*)

Navan CI Integration

Overview

Set up CI/CD pipelines for Navan integrations with automated testing.

Prerequisites

GitHub repository with Actions enabled
Navan test API key
npm/pnpm project configured

Instructions

Step 1: Create GitHub Actions Workflow

Create .github/workflows/navan-integration.yml:


name: Navan Integration Tests

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  NAVAN_API_KEY: ${{ secrets.NAVAN_API_KEY }}

jobs:
  test:
    runs-on: ubuntu-latest
    env:
      NAVAN_API_KEY: ${{ secrets.NAVAN_API_KEY }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm test -- --coverage
      - run: npm run test:integration

Step 2: Configure Secrets


gh secret set NAVAN_API_KEY --body "sk_test_***"

Step 3: Add Integration Tests


describe('Navan Integration', () => {
  it.skipIf(!process.env.NAVAN_API_KEY)('should connect', async () => {
    const client = getNavanClient();
    const result = await client.healthCheck();
    expect(result.status).toBe('ok');
  });
});

Output

Automated test pipeline
PR checks configured
Coverage reports uploaded
Release workflow ready

Error Handling

Issue	Cause	Solution
Secret not found	Missing configuration	Add secret via `gh secret set`
Tests timeout	Network issues	Increase timeout or mock
Auth failures	Invalid key	Check secret value

Examples

Release Workflow


on:
  push:
    tags: ['v*']

jobs:
  release:
    runs-on: ubuntu-latest
    env:
      NAVAN_API_KEY: ${{ secrets.NAVAN_API_KEY_PROD }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - run: npm ci
      - name: Verify Navan production readiness
        run: npm run test:integration
      - run: npm run build
      - run: npm publish

Branch Protection


required_status_checks:
  - "test"
  - "navan-integration"

Resources

Next Steps

For deployment patterns, see navan-deploy-integration.

navan-common-errors SKILL.md View full skill →

Diagnose and fix Navan common errors and exceptions.

ReadGrepBash(curl:*)

navan-core-workflow-a SKILL.md View full skill →

Execute Navan primary workflow: Core Workflow A.

ReadWriteEditBash(npm:*)Grep

navan-core-workflow-b SKILL.md View full skill →

Execute Navan secondary workflow: Core Workflow B.

ReadWriteEditBash(npm:*)Grep

navan-cost-tuning SKILL.md View full skill →

Optimize Navan costs through tier selection, sampling, and usage monitoring.

ReadGrep

Navan Cost Tuning

Overview

Optimize Navan costs through smart tier selection, sampling, and usage monitoring.

Prerequisites

Access to Navan billing dashboard
Understanding of current usage patterns
Database for usage tracking (optional)
Alerting system configured (optional)

Pricing Tiers

Tier	Monthly Cost	Included	Overage
Free	$0	1,000 requests	N/A
Pro	$99	100,000 requests	$0.001/request
Enterprise	Custom	Unlimited	Volume discounts

Cost Estimation


interface UsageEstimate {
  requestsPerMonth: number;
  tier: string;
  estimatedCost: number;
  recommendation?: string;
}

function estimateNavanCost(requestsPerMonth: number): UsageEstimate {
  if (requestsPerMonth <= 1000) {
    return { requestsPerMonth, tier: 'Free', estimatedCost: 0 };
  }

  if (requestsPerMonth <= 100000) {
    return { requestsPerMonth, tier: 'Pro', estimatedCost: 99 };
  }

  const proOverage = (requestsPerMonth - 100000) * 0.001;
  const proCost = 99 + proOverage;

  return {
    requestsPerMonth,
    tier: 'Pro (with overage)',
    estimatedCost: proCost,
    recommendation: proCost > 500
      ? 'Consider Enterprise tier for volume discounts'
      : undefined,
  };
}

Usage Monitoring


class NavanUsageMonitor {
  private requestCount = 0;
  private bytesTransferred = 0;
  private alertThreshold: number;

  constructor(monthlyBudget: number) {
    this.alertThreshold = monthlyBudget * 0.8; // 80% warning
  }

  track(request: { bytes: number }) {
    this.requestCount++;
    this.bytesTransferred += request.bytes;

    if (this.estimatedCost() > this.alertThreshold) {
      this.sendAlert('Approaching Navan budget limit');
    }
  }

  estimatedCost(): number {
    return estimateNavanCost(this.requestCount).estimatedCost;
  }

  private sendAlert(message: string) {
    // Send to Slack, email, PagerDuty, etc.
  }
}

Cost Reduction Strategies

Step 1: Request Sampling


function shouldSample(samplingRate = 0.1): boolean {
  return Math.random() < samplingRate;
}

// Use for non-critical telemetry
if (shouldSample(0.1)) { // 10% sample
  await navanClient.trackEvent(event);
}

Step 2: Batching Requests


// Instead of N individual calls
await Promise.all(ids.map(id => navanClient.get(id)));

// Use batch endpoint (1 call)
await navanClient.batchGet(ids);

Step 3: Caching (from P16)

Cache frequently accessed data
Use cache invalidation webhooks

navan-data-handling SKILL.md View full skill →

Implement Navan PII handling, data retention, and GDPR/CCPA compliance patterns.

ReadWriteEdit

Navan Data Handling

Overview

Handle sensitive data correctly when integrating with Navan.

Prerequisites

Understanding of GDPR/CCPA requirements
Navan SDK with data export capabilities
Database for audit logging
Scheduled job infrastructure for cleanup

Data Classification

Category	Examples	Handling
PII	Email, name, phone	Encrypt, minimize
Sensitive	API keys, tokens	Never log, rotate
Business	Usage metrics	Aggregate when possible
Public	Product names	Standard handling

PII Detection


const PII_PATTERNS = [
  { type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
  { type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
  { type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];

function detectPII(text: string): { type: string; match: string }[] {
  const findings: { type: string; match: string }[] = [];

  for (const pattern of PII_PATTERNS) {
    const matches = text.matchAll(pattern.regex);
    for (const match of matches) {
      findings.push({ type: pattern.type, match: match[0] });
    }
  }

  return findings;
}

Data Redaction


function redactPII(data: Record<string, any>): Record<string, any> {
  const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
  const redacted = { ...data };

  for (const field of sensitiveFields) {
    if (redacted[field]) {
      redacted[field] = '[REDACTED]';
    }
  }

  return redacted;
}

// Use in logging
console.log('Navan request:', redactPII(requestData));

Data Retention Policy

Retention Periods

Data Type	Retention	Reason
API logs	30 days	Debugging
Error logs	90 days	Root cause analysis
Audit logs	7 years	Compliance
PII	Until deletion request	GDPR/CCPA

Automatic Cleanup


async function cleanupNavanData(retentionDays: number): Promise<void> {
  const cutoff = new Date();
  cutoff.setDate(cutoff.getDate() - retentionDays);

  await db.navanLogs.deleteMany({
    createdAt: { $lt: cutoff },
    type: { $nin: ['audit', 'compliance'] },
  });
}

// Schedule daily cleanup
cron.schedule('0 3 * * *', () => cleanupNavanData(30));

navan-debug-bundle SKILL.md View full skill →

Collect Navan debug evidence for support tickets and troubleshooting.

ReadBash(grep:*)Bash(curl:*)Bash(tar:*)Grep

Navan Debug Bundle

Overview

Collect all necessary diagnostic information for Navan support tickets.

Prerequisites

Navan SDK installed
Access to application logs
Permission to collect environment info

Instructions

Step 1: Create Debug Bundle Script


#!/bin/bash
# navan-debug-bundle.sh

BUNDLE_DIR="navan-debug-$(date +%Y%m%d-%H%M%S)"
mkdir -p "$BUNDLE_DIR"

echo "=== Navan Debug Bundle ===" > "$BUNDLE_DIR/summary.txt"
echo "Generated: $(date)" >> "$BUNDLE_DIR/summary.txt"

Step 2: Collect Environment Info


# Environment info
echo "--- Environment ---" >> "$BUNDLE_DIR/summary.txt"
node --version >> "$BUNDLE_DIR/summary.txt" 2>&1
npm --version >> "$BUNDLE_DIR/summary.txt" 2>&1
echo "NAVAN_API_KEY: ${NAVAN_API_KEY:+[SET]}" >> "$BUNDLE_DIR/summary.txt"

Step 3: Gather SDK and Logs


# SDK version
npm list @navan/sdk 2>/dev/null >> "$BUNDLE_DIR/summary.txt"

# Recent logs (redacted)
grep -i "navan" ~/.npm/_logs/*.log 2>/dev/null | tail -50 >> "$BUNDLE_DIR/logs.txt"

# Configuration (redacted - secrets masked)
echo "--- Config (redacted) ---" >> "$BUNDLE_DIR/summary.txt"
cat .env 2>/dev/null | sed 's/=.*/=***REDACTED***/' >> "$BUNDLE_DIR/config-redacted.txt"

# Network connectivity test
echo "--- Network Test ---" >> "$BUNDLE_DIR/summary.txt"
echo -n "API Health: " >> "$BUNDLE_DIR/summary.txt"
curl -s -o /dev/null -w "%{http_code}" https://api.navan.com/health >> "$BUNDLE_DIR/summary.txt"
echo "" >> "$BUNDLE_DIR/summary.txt"

Step 4: Package Bundle


tar -czf "$BUNDLE_DIR.tar.gz" "$BUNDLE_DIR"
echo "Bundle created: $BUNDLE_DIR.tar.gz"

Output

navan-debug-YYYYMMDD-HHMMSS.tar.gz archive containing:
summary.txt - Environment and SDK info
logs.txt - Recent redacted logs
config-redacted.txt - Configuration (secrets removed)

Error Handling

Item Purpose Included

Environment versions Compatibility check ✓

SDK version Version-specific bugs ✓

Error logs (redacted) Root cause analysis ✓

Config (redacted) Configuration issues ✓

Network test

Connectivi

navan-deploy-integration SKILL.md View full skill →

Deploy Navan integrations to Vercel, Fly.

ReadWriteEditBash(vercel:*)Bash(fly:*)Bash(gcloud:*)

Navan Deploy Integration

Overview

Deploy Navan-powered applications to popular platforms with proper secrets management.

Prerequisites

Navan API keys for production environment
Platform CLI installed (vercel, fly, or gcloud)
Application code ready for deployment
Environment variables documented

Vercel Deployment

Environment Setup


# Add Navan secrets to Vercel
vercel secrets add navan_api_key sk_live_***
vercel secrets add navan_webhook_secret whsec_***

# Link to project
vercel link

# Deploy preview
vercel

# Deploy production
vercel --prod

vercel.json Configuration


{
  "env": {
    "NAVAN_API_KEY": "@navan_api_key"
  },
  "functions": {
    "api/**/*.ts": {
      "maxDuration": 30
    }
  }
}

Fly.io Deployment

fly.toml


app = "my-navan-app"
primary_region = "iad"

[env]
  NODE_ENV = "production"

[http_service]
  internal_port = 3000
  force_https = true
  auto_stop_machines = true
  auto_start_machines = true

Secrets


# Set Navan secrets
fly secrets set NAVAN_API_KEY=sk_live_***
fly secrets set NAVAN_WEBHOOK_SECRET=whsec_***

# Deploy
fly deploy

Google Cloud Run

Dockerfile


FROM node:20-slim
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
CMD ["npm", "start"]

Deploy Script


#!/bin/bash
# deploy-cloud-run.sh

PROJECT_ID="${GOOGLE_CLOUD_PROJECT}"
SERVICE_NAME="navan-service"
REGION="us-central1"

# Build and push image
gcloud builds submit --tag gcr.io/$PROJECT_ID/$SERVICE_NAME

# Deploy to Cloud Run
gcloud run deploy $SERVICE_NAME \
  --image gcr.io/$PROJECT_ID/$SERVICE_NAME \
  --region $REGION \
  --platform managed \
  --allow-unauthenticated \
  --set-secrets=NAVAN_API_KEY=navan-api-key:latest

Environment Configuration Pattern


// config/navan.ts
interface NavanConfig {
  apiKey: string;
  environment: 'development' | 'staging' | 'production';
  webhookSecret?: string;
}

export function getNavanConfig(): NavanConfig {
  const env = process.env.NODE_ENV || 'development';

  return {
    apiKey: process.env.NAVAN_API_KEY!,
    environment: env as NavanConfig['environment'],
    webhookSecret: process.env.NAVAN_WEBHOOK_SECRET,
  };
}

Health Check Endpoint


// api/health.ts
export async function GET() {
  const navanStatus = await checkNavanConnection();

  return Response.json({
    status: navanStatus ? 'healthy' : '


                
                  
                  
                  navan-enterprise-rbac
                  SKILL.md
                  View full skill →
                
                
                  Configure Navan enterprise SSO, role-based access control, and organization management.
                  
                      ReadWriteEdit
                    
                
                
                  Navan Enterprise RBAC
Overview
Configure enterprise-grade access control for Navan integrations.
Prerequisites

Navan Enterprise tier subscription
Identity Provider (IdP) with SAML/OIDC support
Understanding of role-based access patterns
Audit logging infrastructure

Role Definitions

Role
Permissions
Use Case


Admin
Full access
Platform administrators


Developer
Read/write, no delete
Active development


Viewer
Read-only
Stakeholders, auditors


Service
API access only
Automated systems


Role Implementation

enum NavanRole {
  Admin = 'admin',
  Developer = 'developer',
  Viewer = 'viewer',
  Service = 'service',
}

interface NavanPermissions {
  read: boolean;
  write: boolean;
  delete: boolean;
  admin: boolean;
}

const ROLE_PERMISSIONS: Record<NavanRole, NavanPermissions> = {
  admin: { read: true, write: true, delete: true, admin: true },
  developer: { read: true, write: true, delete: false, admin: false },
  viewer: { read: true, write: false, delete: false, admin: false },
  service: { read: true, write: true, delete: false, admin: false },
};

function checkPermission(
  role: NavanRole,
  action: keyof NavanPermissions
): boolean {
  return ROLE_PERMISSIONS[role][action];
}

SSO Integration
SAML Configuration

// Navan SAML setup
const samlConfig = {
  entryPoint: 'https://idp.company.com/saml/sso',
  issuer: 'https://navan.com/saml/metadata',
  cert: process.env.SAML_CERT,
  callbackUrl: 'https://app.yourcompany.com/auth/navan/callback',
};

// Map IdP groups to Navan roles
const groupRoleMapping: Record<string, NavanRole> = {
  'Engineering': NavanRole.Developer,
  'Platform-Admins': NavanRole.Admin,
  'Data-Team': NavanRole.Viewer,
};

OAuth2/OIDC Integration

import { OAuth2Client } from '@navan/sdk';

const oauthClient = new OAuth2Client({
  clientId: process.env.NAVAN_OAUTH_CLIENT_ID!,
  clientSecret: process.env.NAVAN_OAUTH_CLIENT_SECRET!,
  redirectUri: 'https://app.yourcompany.com/auth/navan/callback',
  scopes: ['read', 'write'],
});

Organization Management

interface NavanOrganization {
  id: string;
  name: string;
  ssoEnabled: boolean;
  enforceSso: boolean;
  allowedDomains: string[];
  defaultRole: NavanRole;
}

async function createOrganization(
  config: NavanOrganization
): Promise<void> {
  await navanClient.organizations.create({
    ...config,
    settings: {


                
                  
                  
                  navan-hello-world
                  SKILL.md
                  View full skill →
                
                
                  Create a minimal working Navan example.
                  
                      ReadWriteEdit
                    
                
                
                  Navan Hello World
Overview
Minimal working example demonstrating core Navan functionality.
Prerequisites

Completed navan-install-auth setup
Valid API credentials configured
Development environment ready

Instructions
Step 1: Create Entry File
Create a new file for your hello world example.
Step 2: Import and Initialize Client

import { NavanClient } from '@navan/sdk';

const client = new NavanClient({
  apiKey: process.env.NAVAN_API_KEY,
});

Step 3: Make Your First API Call

async function main() {
  // Your first API call here
}

main().catch(console.error);

Output

Working code file with Navan client initialization
Successful API response confirming connection
Console output showing:


Success! Your Navan connection is working.

Error Handling

Error
Cause
Solution


Import Error
SDK not installed
Verify with npm list or pip show


Auth Error
Invalid credentials
Check environment variable is set


Timeout
Network issues
Increase timeout or check connectivity


Rate Limit
Too many requests
Wait and retry with exponential backoff


Examples
TypeScript Example

import { NavanClient } from '@navan/sdk';

const client = new NavanClient({
  apiKey: process.env.NAVAN_API_KEY,
});

async function main() {
  // Your first API call here
}

main().catch(console.error);

Python Example

from navan import NavanClient

client = NavanClient()

# Your first API call here

Resources

Navan Getting Started
Navan API Reference
Navan Examples

Next Steps
Proceed to navan-local-dev-loop for development workflow setup.


                
                  
                  
                  navan-incident-runbook
                  SKILL.md
                  View full skill →
                
                
                  Execute Navan incident response procedures with triage, mitigation, and postmortem.
                  
                      ReadGrepBash(kubectl:*)Bash(curl:*)
                    
                
                
                  Navan Incident Runbook
Overview
Rapid incident response procedures for Navan-related outages.
Prerequisites

Access to Navan dashboard and status page
kubectl access to production cluster
Prometheus/Grafana access
Communication channels (Slack, PagerDuty)

Severity Levels

Level
Definition
Response Time
Examples


P1
Complete outage
< 15 min
Navan API unreachable


P2
Degraded service
< 1 hour
High latency, partial failures


P3
Minor impact
< 4 hours
Webhook delays, non-critical errors


P4
No user impact
Next business day
Monitoring gaps


Quick Triage

# 1. Check Navan status
curl -s https://status.navan.com | jq

# 2. Check our integration health
curl -s https://api.yourapp.com/health | jq '.services.navan'

# 3. Check error rate (last 5 min)
curl -s localhost:9090/api/v1/query?query=rate(navan_errors_total[5m])

# 4. Recent error logs
kubectl logs -l app=navan-integration --since=5m | grep -i error | tail -20

Decision Tree

Navan API returning errors?
├─ YES: Is status.navan.com showing incident?
│   ├─ YES → Wait for Navan to resolve. Enable fallback.
│   └─ NO → Our integration issue. Check credentials, config.
└─ NO: Is our service healthy?
    ├─ YES → Likely resolved or intermittent. Monitor.
    └─ NO → Our infrastructure issue. Check pods, memory, network.

Immediate Actions by Error Type
401/403 - Authentication

# Verify API key is set
kubectl get secret navan-secrets -o jsonpath='{.data.api-key}' | base64 -d

# Check if key was rotated
# → Verify in Navan dashboard

# Remediation: Update secret and restart pods
kubectl create secret generic navan-secrets --from-literal=api-key=NEW_KEY --dry-run=client -o yaml | kubectl apply -f -
kubectl rollout restart deployment/navan-integration

429 - Rate Limited

# Check rate limit headers
curl -v https://api.navan.com 2>&1 | grep -i rate

# Enable request queuing
kubectl set env deployment/navan-integration RATE_LIMIT_MODE=queue

# Long-term: Contact Navan for limit increase

500/503 - Navan Errors

# Enable graceful degradation
kubectl set env deployment/navan-integration NAVAN_FALLBACK=true

# Notify users of degraded service
# Update status page

# Monitor Navan status for resolution

Communication Templates
Internal (Slack)

🔴 P1 INCIDENT: Navan Integration
Status: INVESTIGATING
Impact: [Describe user impact]
Current action: [What you're doin


                
                  
                  
                  navan-install-auth
                  SKILL.md
                  View full skill →
                
                
                  Install and configure Navan SDK/CLI authentication.
                  
                      ReadWriteEditBash(npm:*)Bash(pip:*)Grep
                    
                
                
                  Navan Install & Auth
Overview
Set up Navan SDK/CLI and configure authentication credentials.
Prerequisites

Node.js 18+ or Python 3.10+
Package manager (npm, pnpm, or pip)
Navan account with API access
API key from Navan dashboard

Instructions
Step 1: Install SDK

# Node.js
npm install @navan/sdk

# Python
pip install navan

Step 2: Configure Authentication

# Set environment variable
export NAVAN_API_KEY="your-api-key"

# Or create .env file
echo 'NAVAN_API_KEY=your-api-key' >> .env

Step 3: Verify Connection

// Test connection code here

Output

Installed SDK package in node_modules or site-packages
Environment variable or .env file with API key
Successful connection verification output

Error Handling

Error
Cause
Solution


Invalid API Key
Incorrect or expired key
Verify key in Navan dashboard


Rate Limited
Exceeded quota
Check quota at https://docs.navan.com


Network Error
Firewall blocking
Ensure outbound HTTPS allowed


Module Not Found
Installation failed
Run npm install or pip install again


Examples
TypeScript Setup

import { NavanClient } from '@navan/sdk';

const client = new NavanClient({
  apiKey: process.env.NAVAN_API_KEY,
});

Python Setup

from navan import NavanClient

client = NavanClient(
    api_key=os.environ.get('NAVAN_API_KEY')
)

Resources

Navan Documentation
Navan Dashboard
Navan Status

Next Steps
After successful auth, proceed to navan-hello-world for your first API call.


                
                  
                  
                  navan-local-dev-loop
                  SKILL.md
                  View full skill →
                
                
                  Configure Navan local development with hot reload and testing.
                  
                      ReadWriteEditBash(npm:*)Bash(pnpm:*)Grep
                    
                
                
                  Navan Local Dev Loop
Overview
Set up a fast, reproducible local development workflow for Navan.
Prerequisites

Completed navan-install-auth setup
Node.js 18+ with npm/pnpm
Code editor with TypeScript support
Git for version control

Instructions
Step 1: Create Project Structure

my-navan-project/
├── src/
│   ├── navan/
│   │   ├── client.ts       # Navan client wrapper
│   │   ├── config.ts       # Configuration management
│   │   └── utils.ts        # Helper functions
│   └── index.ts
├── tests/
│   └── navan.test.ts
├── .env.local              # Local secrets (git-ignored)
├── .env.example            # Template for team
└── package.json

Step 2: Configure Environment

# Copy environment template
cp .env.example .env.local

# Install dependencies
npm install

# Start development server
npm run dev

Step 3: Setup Hot Reload

{
  "scripts": {
    "dev": "tsx watch src/index.ts",
    "test": "vitest",
    "test:watch": "vitest --watch"
  }
}

Step 4: Configure Testing

import { describe, it, expect, vi } from 'vitest';
import { NavanClient } from '../src/navan/client';

describe('Navan Client', () => {
  it('should initialize with API key', () => {
    const client = new NavanClient({ apiKey: 'test-key' });
    expect(client).toBeDefined();
  });
});

Output

Working development environment with hot reload
Configured test suite with mocking
Environment variable management
Fast iteration cycle for Navan development

Error Handling

Error
Cause
Solution


Module not found
Missing dependency
Run npm install


Port in use
Another process
Kill process or change port


Env not loaded
Missing .env.local
Copy from .env.example


Test timeout
Slow network
Increase test timeout


Examples
Mock Navan Responses

vi.mock('@navan/sdk', () => ({
  NavanClient: vi.fn().mockImplementation(() => ({
    // Mock methods here
  })),
}));

Debug Mode

# Enable verbose logging
DEBUG=NAVAN=* npm run dev

Resources

Navan SDK Reference
Vitest Documentation
tsx Documentation

Next St


                
                  
                  
                  navan-migration-deep-dive
                  SKILL.md
                  View full skill →
                
                
                  Execute Navan major re-architecture and migration strategies with strangler fig pattern.
                  
                      ReadWriteEditBash(npm:*)Bash(node:*)Bash(kubectl:*)
                    
                
                
                  Navan Migration Deep Dive
Overview
Comprehensive guide for migrating to or from Navan, or major version upgrades.
Prerequisites

Current system documentation
Navan SDK installed
Feature flag infrastructure
Rollback strategy tested

Migration Types

Type
Complexity
Duration
Risk


Fresh install
Low
Days
Low


From competitor
Medium
Weeks
Medium


Major version
Medium
Weeks
Medium


Full replatform
High
Months
High


Pre-Migration Assessment
Step 1: Current State Analysis

# Document current implementation
find . -name "*.ts" -o -name "*.py" | xargs grep -l "navan" > navan-files.txt

# Count integration points
wc -l navan-files.txt

# Identify dependencies
npm list | grep navan
pip freeze | grep navan

Step 2: Data Inventory

interface MigrationInventory {
  dataTypes: string[];
  recordCounts: Record<string, number>;
  dependencies: string[];
  integrationPoints: string[];
  customizations: string[];
}

async function assessNavanMigration(): Promise<MigrationInventory> {
  return {
    dataTypes: await getDataTypes(),
    recordCounts: await getRecordCounts(),
    dependencies: await analyzeDependencies(),
    integrationPoints: await findIntegrationPoints(),
    customizations: await documentCustomizations(),
  };
}

Migration Strategy: Strangler Fig Pattern

Phase 1: Parallel Run
┌─────────────┐     ┌─────────────┐
│   Old       │     │   New       │
│   System    │ ──▶ │  Navan   │
│   (100%)    │     │   (0%)      │
└─────────────┘     └─────────────┘

Phase 2: Gradual Shift
┌─────────────┐     ┌─────────────┐
│   Old       │     │   New       │
│   (50%)     │ ──▶ │   (50%)     │
└─────────────┘     └─────────────┘

Phase 3: Complete
┌─────────────┐     ┌─────────────┐
│   Old       │     │   New       │
│   (0%)      │ ──▶ │   (100%)    │
└─────────────┘     └─────────────┘

Implementation Plan
Phase 1: Setup (Week 1-2)

# Install Navan SDK
npm install @navan/sdk

# Configure credentials
cp .env.example .env.navan
# Edit with new credentials

# Verify connectivity
node -e "require('@navan/sdk').ping()"

Phase 2: Adapter Layer (Week 3-4)

// src/adapters/navan.ts
interface ServiceAdapter {
  create(data: CreateInput): Promise<Resource>;
  read(id: string): Promise<Resource>;
  update(id: string, data: UpdateInput): Promise<Resource>;
  delete(id: string): Promise<


                
                  
                  
                  navan-multi-env-setup
                  SKILL.md
                  View full skill →
                
                
                  Configure Navan across development, staging, and production environments.
                  
                      ReadWriteEditBash(aws:*)Bash(gcloud:*)Bash(vault:*)
                    
                
                
                  Navan Multi-Environment Setup
Overview
Configure Navan across development, staging, and production environments.
Prerequisites

Separate Navan accounts or API keys per environment
Secret management solution (Vault, AWS Secrets Manager, etc.)
CI/CD pipeline with environment variables
Environment detection in application

Environment Strategy

Environment
Purpose
API Keys
Data


Development
Local dev
Test keys
Sandbox


Staging
Pre-prod validation
Staging keys
Test data


Production
Live traffic
Production keys
Real data


Configuration Structure

config/
├── navan/
│   ├── base.json           # Shared config
│   ├── development.json    # Dev overrides
│   ├── staging.json        # Staging overrides
│   └── production.json     # Prod overrides

base.json

{
  "timeout": 30000,
  "retries": 3,
  "cache": {
    "enabled": true,
    "ttlSeconds": 60
  }
}

development.json

{
  "apiKey": "${NAVAN_API_KEY}",
  "baseUrl": "https://api-sandbox.navan.com",
  "debug": true,
  "cache": {
    "enabled": false
  }
}

staging.json

{
  "apiKey": "${NAVAN_API_KEY_STAGING}",
  "baseUrl": "https://api-staging.navan.com",
  "debug": false
}

production.json

{
  "apiKey": "${NAVAN_API_KEY_PROD}",
  "baseUrl": "https://api.navan.com",
  "debug": false,
  "retries": 5
}

Environment Detection

// src/navan/config.ts
import baseConfig from '../../config/navan/base.json';

type Environment = 'development' | 'staging' | 'production';

function detectEnvironment(): Environment {
  const env = process.env.NODE_ENV || 'development';
  const validEnvs: Environment[] = ['development', 'staging', 'production'];
  return validEnvs.includes(env as Environment)
    ? (env as Environment)
    : 'development';
}

export function getNavanConfig() {
  const env = detectEnvironment();
  const envConfig = require(`../../config/navan/${env}.json`);

  return {
    ...baseConfig,
    ...envConfig,
    environment: env,
  };
}

Secret Management by Environment
Local Development

# .env.local (git-ignored)
NAVAN_API_KEY=sk_test_dev_***

CI


                
                  
                  
                  navan-observability
                  SKILL.md
                  View full skill →
                
                
                  Set up comprehensive observability for Navan integrations with metrics, traces, and alerts.
                  
                      ReadWriteEdit
                    
                
                
                  Navan Observability
Overview
Set up comprehensive observability for Navan integrations.
Prerequisites

Prometheus or compatible metrics backend
OpenTelemetry SDK installed
Grafana or similar dashboarding tool
AlertManager configured

Metrics Collection
Key Metrics

Metric
Type
Description


navanrequeststotal
Counter
Total API requests


navanrequestduration_seconds
Histogram
Request latency


navanerrorstotal
Counter
Error count by type


navanratelimit_remaining
Gauge
Rate limit headroom


Prometheus Metrics

import { Registry, Counter, Histogram, Gauge } from 'prom-client';

const registry = new Registry();

const requestCounter = new Counter({
  name: 'navan_requests_total',
  help: 'Total Navan API requests',
  labelNames: ['method', 'status'],
  registers: [registry],
});

const requestDuration = new Histogram({
  name: 'navan_request_duration_seconds',
  help: 'Navan request duration',
  labelNames: ['method'],
  buckets: [0.05, 0.1, 0.25, 0.5, 1, 2.5, 5],
  registers: [registry],
});

const errorCounter = new Counter({
  name: 'navan_errors_total',
  help: 'Navan errors by type',
  labelNames: ['error_type'],
  registers: [registry],
});

Instrumented Client

async function instrumentedRequest<T>(
  method: string,
  operation: () => Promise<T>
): Promise<T> {
  const timer = requestDuration.startTimer({ method });

  try {
    const result = await operation();
    requestCounter.inc({ method, status: 'success' });
    return result;
  } catch (error: any) {
    requestCounter.inc({ method, status: 'error' });
    errorCounter.inc({ error_type: error.code || 'unknown' });
    throw error;
  } finally {
    timer();
  }
}

Distributed Tracing
OpenTelemetry Setup

import { trace, SpanStatusCode } from '@opentelemetry/api';

const tracer = trace.getTracer('navan-client');

async function tracedNavanCall<T>(
  operationName: string,
  operation: () => Promise<T>
): Promise<T> {
  return tracer.startActiveSpan(`navan.${operationName}`, async (span) => {
    try {
      const result = await operation();
      span.setStatus({ code: SpanStatusCode.OK });
      return result;
    } catch (error: any) {
      span.setStatus({ code: SpanStatusCode.ERROR, message: error.message });
      span.recordException(error);


                
                  
                  
                  navan-performance-tuning
                  SKILL.md
                  View full skill →
                
                
                  Optimize Navan API performance with caching, batching, and connection pooling.
                  
                      ReadWriteEdit
                    
                
                
                  Navan Performance Tuning
Overview
Optimize Navan API performance with caching, batching, and connection pooling.
Prerequisites

Navan SDK installed
Understanding of async patterns
Redis or in-memory cache available (optional)
Performance monitoring in place

Latency Benchmarks

Operation
P50
P95
P99


Read
50ms
150ms
300ms


Write
100ms
250ms
500ms


List
75ms
200ms
400ms


Caching Strategy
Response Caching

import { LRUCache } from 'lru-cache';

const cache = new LRUCache<string, any>({
  max: 1000,
  ttl: 60000, // 1 minute
  updateAgeOnGet: true,
});

async function cachedNavanRequest<T>(
  key: string,
  fetcher: () => Promise<T>,
  ttl?: number
): Promise<T> {
  const cached = cache.get(key);
  if (cached) return cached as T;

  const result = await fetcher();
  cache.set(key, result, { ttl });
  return result;
}

Redis Caching (Distributed)

import Redis from 'ioredis';

const redis = new Redis(process.env.REDIS_URL);

async function cachedWithRedis<T>(
  key: string,
  fetcher: () => Promise<T>,
  ttlSeconds = 60
): Promise<T> {
  const cached = await redis.get(key);
  if (cached) return JSON.parse(cached);

  const result = await fetcher();
  await redis.setex(key, ttlSeconds, JSON.stringify(result));
  return result;
}

Request Batching

import DataLoader from 'dataloader';

const navanLoader = new DataLoader<string, any>(
  async (ids) => {
    // Batch fetch from Navan
    const results = await navanClient.batchGet(ids);
    return ids.map(id => results.find(r => r.id === id) || null);
  },
  {
    maxBatchSize: 100,
    batchScheduleFn: callback => setTimeout(callback, 10),
  }
);

// Usage - automatically batched
const [item1, item2, item3] = await Promise.all([
  navanLoader.load('id-1'),
  navanLoader.load('id-2'),
  navanLoader.load('id-3'),
]);

Connection Optimization

import { Agent } from 'https';

// Keep-alive connection pooling
const agent = new Agent({
  keepAlive: true,
  maxSockets: 10,
  maxFreeSockets: 5,
  timeout: 30000,
});

const client = new NavanClient({
  apiKey: process.env.NAVAN_API_KEY!,
  httpAgent: agent,
});

Pagination Optimization

async function* paginatedNavanList<T>(
  fetcher: (cursor?: string) => Promise<{ data: T[]; nextCursor?: string }>
): AsyncGenerator<T> {
  let cursor: strin


                
                  
                  
                  navan-prod-checklist
                  SKILL.md
                  View full skill →
                
                
                  Execute Navan production deployment checklist and rollback procedures.
                  
                      ReadBash(kubectl:*)Bash(curl:*)Grep
                    
                
                
                  Navan Production Checklist
Overview
Complete checklist for deploying Navan integrations to production.
Prerequisites

Staging environment tested and verified
Production API keys available
Deployment pipeline configured
Monitoring and alerting ready

Instructions
Step 1: Pre-Deployment Configuration

[ ] Production API keys in secure vault
[ ] Environment variables set in deployment platform
[ ] API key scopes are minimal (least privilege)
[ ] Webhook endpoints configured with HTTPS
[ ] Webhook secrets stored securely

Step 2: Code Quality Verification

[ ] All tests passing (npm test)
[ ] No hardcoded credentials
[ ] Error handling covers all Navan error types
[ ] Rate limiting/backoff implemented
[ ] Logging is production-appropriate

Step 3: Infrastructure Setup

[ ] Health check endpoint includes Navan connectivity
[ ] Monitoring/alerting configured
[ ] Circuit breaker pattern implemented
[ ] Graceful degradation configured

Step 4: Documentation Requirements

[ ] Incident runbook created
[ ] Key rotation procedure documented
[ ] Rollback procedure documented
[ ] On-call escalation path defined

Step 5: Deploy with Gradual Rollout

# Pre-flight checks
curl -f https://staging.example.com/health
curl -s https://status.navan.com

# Gradual rollout - start with canary (10%)
kubectl apply -f k8s/production.yaml
kubectl set image deployment/navan-integration app=image:new --record
kubectl rollout pause deployment/navan-integration

# Monitor canary traffic for 10 minutes
sleep 600
# Check error rates and latency before continuing

# If healthy, continue rollout to 50%
kubectl rollout resume deployment/navan-integration
kubectl rollout pause deployment/navan-integration
sleep 300

# Complete rollout to 100%
kubectl rollout resume deployment/navan-integration
kubectl rollout status deployment/navan-integration

Output

Deployed Navan integration
Health checks passing
Monitoring active
Rollback procedure documented

Error Handling

Alert
Condition
Severity


API Down
5xx errors > 10/min
P1


High Latency
p99 > 5000ms
P2


Rate Limited
429 errors > 5/min
P2


Auth Failures
401/403 errors > 0
P1


Examples
Health Check Implementation

async function healthCheck(): Promise<{ status: string; navan: any }> {
  const start = Date.now();
  tr


                
                  
                  
                  navan-rate-limits
                  SKILL.md
                  View full skill →
                
                
                  Implement Navan rate limiting, backoff, and idempotency patterns.
                  
                      ReadWriteEdit
                    
                
                
                  Navan Rate Limits
Overview
Handle Navan rate limits gracefully with exponential backoff and idempotency.
Prerequisites

Navan SDK installed
Understanding of async/await patterns
Access to rate limit headers

Instructions
Step 1: Understand Rate Limit Tiers

Tier
Requests/min
Requests/day
Burst


Free
60
1,000
10


Pro
300
10,000
50


Enterprise
1,000
100,000
200


Step 2: Implement Exponential Backoff with Jitter

async function withExponentialBackoff<T>(
  operation: () => Promise<T>,
  config = { maxRetries: 5, baseDelayMs: 1000, maxDelayMs: 32000, jitterMs: 500 }
): Promise<T> {
  for (let attempt = 0; attempt <= config.maxRetries; attempt++) {
    try {
      return await operation();
    } catch (error: any) {
      if (attempt === config.maxRetries) throw error;
      const status = error.status || error.response?.status;
      if (status !== 429 && (status < 500 || status >= 600)) throw error;

      // Exponential delay with jitter to prevent thundering herd
      const exponentialDelay = config.baseDelayMs * Math.pow(2, attempt);
      const jitter = Math.random() * config.jitterMs;
      const delay = Math.min(exponentialDelay + jitter, config.maxDelayMs);

      console.log(`Rate limited. Retrying in ${delay.toFixed(0)}ms...`);
      await new Promise(r => setTimeout(r, delay));
    }
  }
  throw new Error('Unreachable');
}

Step 3: Add Idempotency Keys

import { v4 as uuidv4 } from 'uuid';
import crypto from 'crypto';

// Generate deterministic key from operation params (for safe retries)
function generateIdempotencyKey(operation: string, params: Record<string, any>): string {
  const data = JSON.stringify({ operation, params });
  return crypto.createHash('sha256').update(data).digest('hex');
}

async function idempotentRequest<T>(
  client: NavanClient,
  params: Record<string, any>,
  idempotencyKey?: string  // Pass existing key for retries
): Promise<T> {
  // Use provided key (for retries) or generate deterministic key from params
  const key = idempotencyKey || generateIdempotencyKey(params.method || 'POST', params);
  return client.request({
    ...params,
    headers: { 'Idempotency-Key': key, ...params.headers },
  });
}

Output

Reliable API calls with automatic retry
Idempotent requests preventing duplicates
Rate limit headers properly handled

Error Handling

                
                  
                  
                  navan-reference-architecture
                  SKILL.md
                  View full skill →
                
                
                  Implement Navan reference architecture with best-practice project layout.
                  
                      ReadGrep
                    
                
                
                  Navan Reference Architecture
Overview
Production-ready architecture patterns for Navan integrations.
Prerequisites

Understanding of layered architecture
Navan SDK knowledge
TypeScript project setup
Testing framework configured

Project Structure

my-navan-project/
├── src/
│   ├── navan/
│   │   ├── client.ts           # Singleton client wrapper
│   │   ├── config.ts           # Environment configuration
│   │   ├── types.ts            # TypeScript types
│   │   ├── errors.ts           # Custom error classes
│   │   └── handlers/
│   │       ├── webhooks.ts     # Webhook handlers
│   │       └── events.ts       # Event processing
│   ├── services/
│   │   └── navan/
│   │       ├── index.ts        # Service facade
│   │       ├── sync.ts         # Data synchronization
│   │       └── cache.ts        # Caching layer
│   ├── api/
│   │   └── navan/
│   │       └── webhook.ts      # Webhook endpoint
│   └── jobs/
│       └── navan/
│           └── sync.ts         # Background sync job
├── tests/
│   ├── unit/
│   │   └── navan/
│   └── integration/
│       └── navan/
├── config/
│   ├── navan.development.json
│   ├── navan.staging.json
│   └── navan.production.json
└── docs/
    └── navan/
        ├── SETUP.md
        └── RUNBOOK.md

Layer Architecture

┌─────────────────────────────────────────┐
│             API Layer                    │
│   (Controllers, Routes, Webhooks)        │
├─────────────────────────────────────────┤
│           Service Layer                  │
│  (Business Logic, Orchestration)         │
├─────────────────────────────────────────┤
│          Navan Layer        │
│   (Client, Types, Error Handling)        │
├─────────────────────────────────────────┤
│         Infrastructure Layer             │
│    (Cache, Queue, Monitoring)            │
└─────────────────────────────────────────┘

Key Components
Step 1: Client Wrapper

// src/navan/client.ts
export class NavanService {
  private client: NavanClient;
  private cache: Cache;
  private monitor: Monitor;

  constructor(config: NavanConfig) {
    this.client = new NavanClient(config);
    this.cache = new Cache(config.cacheOptions);
    this.monitor = new Monitor('navan');
  }

  async get(id: string): Promise<Resource> {
    return this.cache.getOrFetch(id, () =>
      this.monitor.track('get', () => this.client.get(id))
    );
  }
}

Step 2: Error Boundary

// src/navan/errors.ts
export class NavanServiceError extends Error {
  constructor(
    message: string,
    public readonly code: string,
    public readonly retryable: boolean,
    public readonly originalError?: Error
  ) {
    super(message);
    this.name = 'NavanServiceError';
  }
}

export function wrapNavanError(error: unknown

                

              

                
                  
                  
                  navan-sdk-patterns
                  SKILL.md
                  View full skill →
                
                
                  Apply production-ready Navan SDK patterns for TypeScript and Python.
                  
                      ReadWriteEdit
                    
                
                
                  Navan SDK Patterns
Overview
Production-ready patterns for Navan SDK usage in TypeScript and Python.
Prerequisites

Completed navan-install-auth setup
Familiarity with async/await patterns
Understanding of error handling best practices

Instructions
Step 1: Implement Singleton Pattern (Recommended)

// src/navan/client.ts
import { NavanClient } from '@navan/sdk';

let instance: NavanClient | null = null;

export function getNavanClient(): NavanClient {
  if (!instance) {
    instance = new NavanClient({
      apiKey: process.env.NAVAN_API_KEY!,
      // Additional options
    });
  }
  return instance;
}

Step 2: Add Error Handling Wrapper

import { NavanError } from '@navan/sdk';

async function safeNavanCall<T>(
  operation: () => Promise<T>
): Promise<{ data: T | null; error: Error | null }> {
  try {
    const data = await operation();
    return { data, error: null };
  } catch (err) {
    if (err instanceof NavanError) {
      console.error({
        code: err.code,
        message: err.message,
      });
    }
    return { data: null, error: err as Error };
  }
}

Step 3: Implement Retry Logic

async function withRetry<T>(
  operation: () => Promise<T>,
  maxRetries = 3,
  backoffMs = 1000
): Promise<T> {
  for (let attempt = 1; attempt <= maxRetries; attempt++) {
    try {
      return await operation();
    } catch (err) {
      if (attempt === maxRetries) throw err;
      const delay = backoffMs * Math.pow(2, attempt - 1);
      await new Promise(r => setTimeout(r, delay));
    }
  }
  throw new Error('Unreachable');
}

Output

Type-safe client singleton
Robust error handling with structured logging
Automatic retry with exponential backoff
Runtime validation for API responses

Error Handling

Header
Description
Action

                
              

Pattern
Use Case
Benefit


Safe wrapper
All API calls
Prevents uncaught exceptions


Retry logic
Transient failures
Improves reliability


Type guards
Response validation
Catches API changes


Logging
All operations
Debugging and monitoring


Examples
Factory Pattern (Multi-tenant)

const clients = new Map<string, NavanClient>();

export function getClientForTenant(tenantId: string): NavanClient {
  if (!clients.has(tenantId)) {
    const apiKey = getTenantApiKey(tenantId);
    clients.set(tenantId, new NavanClient({ apiKey }));
  }
  return clients.get(tenantId)!;
}


                

              

                
                  
                  
                  navan-security-basics
                  SKILL.md
                  View full skill →
                
                
                  Apply Navan security best practices for secrets and access control.
                  
                      ReadWriteGrep
                    
                
                
                  Navan Security Basics
Overview
Security best practices for Navan API keys, tokens, and access control.
Prerequisites

Navan SDK installed
Understanding of environment variables
Access to Navan dashboard

Instructions
Step 1: Configure Environment Variables

# .env (NEVER commit to git)
NAVAN_API_KEY=sk_live_***
NAVAN_SECRET=***

# .gitignore
.env
.env.local
.env.*.local

Step 2: Implement Secret Rotation

# 1. Generate new key in Navan dashboard
# 2. Update environment variable
export NAVAN_API_KEY="new_key_here"

# 3. Verify new key works
curl -H "Authorization: Bearer ${NAVAN_API_KEY}" \
  https://api.navan.com/health

# 4. Revoke old key in dashboard

Step 3: Apply Least Privilege

Environment
Recommended Scopes


Development
read:*


Staging
read:*, write:limited


Production
Only required scopes


Output

Secure API key storage
Environment-specific access controls
Audit logging enabled

Error Handling

Security Issue
Detection
Mitigation


Exposed API key
Git scanning
Rotate immediately


Excessive scopes
Audit logs
Reduce permissions


Missing rotation
Key age check
Schedule rotation


Examples
Service Account Pattern

const clients = {
  reader: new NavanClient({
    apiKey: process.env.NAVAN_READ_KEY,
  }),
  writer: new NavanClient({
    apiKey: process.env.NAVAN_WRITE_KEY,
  }),
};

Webhook Signature Verification

import crypto from 'crypto';

function verifyWebhookSignature(
  payload: string, signature: string, secret: string
): boolean {
  const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}

Security Checklist

[ ] API keys in environment variables
[ ] .env files in .gitignore
[ ] Different keys for dev/staging/prod
[ ] Minimal scopes per environment
[ ] Webhook signatures validated
[ ] Audit logging enabled

Audit Logging

interface AuditEntry {
  timestamp: Date;
  action: string;
  userId: string;
  resource: string;
  result: 'success' | 'failure';
  metadata?: Record<string, any>;
}


                

              

                
                  
                  
                  navan-upgrade-migration
                  SKILL.md
                  View full skill →
                
                
                  Analyze, plan, and execute Navan SDK upgrades with breaking change detection.
                  
                      ReadWriteEditBash(npm:*)Bash(git:*)
                    
                
                
                  Navan Upgrade & Migration
Overview
Guide for upgrading Navan SDK versions and handling breaking changes.
Prerequisites

Current Navan SDK installed
Git for version control
Test suite available
Staging environment

Instructions
Step 1: Check Current Version

npm list @navan/sdk
npm view @navan/sdk version

Step 2: Review Changelog

open https://github.com/navan/sdk/releases

Step 3: Create Upgrade Branch

git checkout -b upgrade/navan-sdk-vX.Y.Z
npm install @navan/sdk@latest
npm test

Step 4: Handle Breaking Changes
Update import statements, configuration, and method signatures as needed.
Output

Updated SDK version
Fixed breaking changes
Passing test suite
Documented rollback procedure

Error Handling

SDK Version
API Version
Node.js
Breaking Changes


3.x
2024-01
18+
Major refactor


2.x
2023-06
16+
Auth changes


1.x
2022-01
14+
Initial release


Examples
Import Changes

// Before (v1.x)
import { Client } from '@navan/sdk';

// After (v2.x)
import { NavanClient } from '@navan/sdk';

Configuration Changes

// Before (v1.x)
const client = new Client({ key: 'xxx' });

// After (v2.x)
const client = new NavanClient({
  apiKey: 'xxx',
});

Rollback Procedure

npm install @navan/sdk@1.x.x --save-exact

Deprecation Handling

// Monitor for deprecation warnings in development
if (process.env.NODE_ENV === 'development') {
  process.on('warning', (warning) => {
    if (warning.name === 'DeprecationWarning') {
      console.warn('[Navan]', warning.message);
      // Log to tracking system for proactive updates
    }
  });
}

// Common deprecation patterns to watch for:
// - Renamed methods: client.oldMethod() -> client.newMethod()
// - Changed parameters: { key: 'x' } -> { apiKey: 'x' }
// - Removed features: Check release notes before upgrading

Resources

Navan Changelog
Navan Migration Guide

Next Steps
For CI integration during upgrades, see navan-ci-integration.
                
              

                
                  
                  
                  navan-webhooks-events
                  SKILL.md
                  View full skill →
                
                
                  Implement Navan webhook signature validation and event handling.
                  
                      ReadWriteEditBash(curl:*)
                    
                
                
                  Navan Webhooks & Events
Overview
Securely handle Navan webhooks with signature validation and replay protection.
Prerequisites

Navan webhook secret configured
HTTPS endpoint accessible from internet
Understanding of cryptographic signatures
Redis or database for idempotency (optional)

Webhook Endpoint Setup
Express.js

import express from 'express';
import crypto from 'crypto';

const app = express();

// IMPORTANT: Raw body needed for signature verification
app.post('/webhooks/navan',
  express.raw({ type: 'application/json' }),
  async (req, res) => {
    const signature = req.headers['x-navan-signature'] as string;
    const timestamp = req.headers['x-navan-timestamp'] as string;

    if (!verifyNavanSignature(req.body, signature, timestamp)) {
      return res.status(401).json({ error: 'Invalid signature' });
    }

    const event = JSON.parse(req.body.toString());
    await handleNavanEvent(event);

    res.status(200).json({ received: true });
  }
);

Signature Verification

function verifyNavanSignature(
  payload: Buffer,
  signature: string,
  timestamp: string
): boolean {
  const secret = process.env.NAVAN_WEBHOOK_SECRET!;

  // Reject old timestamps (replay attack protection)
  const timestampAge = Date.now() - parseInt(timestamp) * 1000;
  if (timestampAge > 300000) { // 5 minutes
    console.error('Webhook timestamp too old');
    return false;
  }

  // Compute expected signature
  const signedPayload = `${timestamp}.${payload.toString()}`;
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(signedPayload)
    .digest('hex');

  // Timing-safe comparison
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

Event Handler Pattern

type NavanEventType = 'resource.created' | 'resource.updated' | 'resource.deleted';

interface NavanEvent {
  id: string;
  type: NavanEventType;
  data: Record<string, any>;
  created: string;
}

const eventHandlers: Record<NavanEventType, (data: any) => Promise<void>> = {
  'resource.created': async (data) => { /* handle */ },
  'resource.updated': async (data) => { /* handle */ },
  'resource.deleted': async (data) => { /* handle */ }
};

async function handleNavanEvent(event: NavanEvent): Promise<void> {
  const handler = eventHandlers[event.type];

  if (!handler) {
    console.log(`Unhandled event type: ${event.type}`);
    return;
  }

  try {
    await handler(event.data);
    console.log(`Processed ${event.type}: ${event.id}`);
  } catch (error) {
    console.error(`Failed to process ${event.type}: ${event.id}`,


        

      
      

      
      

      
      

      
      
  Ready to use navan-pack?
  
    
    
  




      
      
          Related Plugins
          
            
                excel-analyst-pro
                Professional financial modeling toolkit for Claude Code with auto-invoked Skills and Excel MCP integration. Build DCF models, LBO analysis, variance reports, and pivot tables using natural language.
              
                brand-strategy-framework
                A 7-part brand strategy framework for building comprehensive brand foundations - the same methodology top agencies use with Fortune 500 clients.
              
                clay-pack
                Complete Clay integration skill pack with 30 skills covering data enrichment, waterfall workflows, AI agents, and GTM automation. Flagship+ tier vendor pack.
              
                instantly-pack
                Complete Instantly integration skill pack with 24 skills covering cold email, outreach automation, and lead generation. Flagship tier vendor pack.
              
                apollo-pack
                Complete Apollo integration skill pack with 24 skills covering sales engagement, prospecting, sequencing, analytics, and outbound automation. Flagship tier vendor pack.
              
                juicebox-pack
                Complete Juicebox integration skill pack with 24 skills covering people data, enrichment, contact search, and AI-powered discovery. Flagship tier vendor pack.
              
          
        

      
      
          Tags
          
            navansaassdkintegration
          
        
    
  

  

    

    
    
        
            
                Stay in the Loop
                
                    
                    
                    
                
                No spam. Unsubscribe anytime.
            

            
                
                    Product
                    
                        Explore
                        Skills
                        Cowork
                        Compare
                        Tools
                    
                
                
                    Resources
                    
                        Changelog
                        Collections
                        Playbooks
                        Research
                        Learning
                    
                
                
                    Company
                    
                        Community
                        Spotlight
                        GitHub
                    
                
                
                    Legal
                    
                        Privacy
                        Terms
                        Acceptable Use
                    
                
            

            
                Tons of Skills by Intent Solutions. Marine. Citadel Grad. 20 years ops → self-taught dev → AI architect.
                © 2026 Tons of Skills | Intent Solutions

Aspect	Workflow A	Workflow B
Use Case	Primary	Secondary
Complexity	Medium	Lower
Performance	Standard	Optimized

navan-pack

Installation

Skills (24)

Navan CI Integration

Overview

Prerequisites

Instructions

Step 1: Create GitHub Actions Workflow

Step 2: Configure Secrets

Step 3: Add Integration Tests

Output

Error Handling

Examples

Release Workflow

Branch Protection

Resources

Next Steps

Navan Common Errors

Overview

Prerequisites

Instructions

Step 1: Identify the Error

Step 2: Find Matching Error Below

Step 3: Apply Solution

Output

Error Handling

Authentication Failed

Rate Limit Exceeded

Network Timeout

Examples

Quick Diagnostic Commands

Escalation Path

Resources

Next Steps

Navan Core Workflow A

Overview

Prerequisites

Instructions

Step 1: Initialize

Step 2: Execute

Step 3: Finalize

Output

Error Handling

Examples

Complete Workflow

Common Variations

Resources

Next Steps

Navan Core Workflow B

Overview

Prerequisites

Instructions

Step 1: Setup

Step 2: Process

Step 3: Complete

Output

Error Handling

Examples

Complete Workflow

Error Recovery

Resources

Next Steps

Navan Cost Tuning

Overview

Prerequisites

Pricing Tiers

Cost Estimation

Usage Monitoring

Cost Reduction Strategies

Step 1: Request Sampling

Step 2: Batching Requests

Step 3: Caching (from P16)

Navan Data Handling

Overview

Prerequisites

Data Classification

PII Detection

Data Redaction

Data Retention Policy

Retention Periods